China suspected in massive breach of U.S. federal personnel data

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

China suspected in massive breach of U.S. federal personnel data

WASHINGTON — Four million current and former federal employees may have had their personal information hacked, the Office of Personnel Management said on Thursday.

The agency, which is responsible for security clearances and background checks, warned it was urging potential victims to monitor their financial statements and obtain new credit reports.

Investigators believe that the massive breach of the federal data system was carried out by the Chinese government, a law enforcement and U.S. official told CNN.

The Office of Personnel Management says only employees of the federal executive branch were affected by the hack they announced today.

Employees of the legislative and judicial branches, and uniformed military personnel, were not affected.

There are currently 2.7 million federal executive branch employees — it’s unclear if this affected every single one (plus former employees), or only a portion.

The federal personnel office learned of the data breach after it began to toughen its cybersecurity defense system. When it discovered malicious activity, authorities used a detection system called EINSTEIN to eventually unearth the information breach in April 2015, the Department of Homeland Security said. A month later, the federal agency learned sensitive data had been compromised.

The federal agency learned of the breach in April 2015, the Department of Homeland Security said in a statement Thursday. A month later, the federal agency learned data had been compromised.

The FBI is now investigating what exactly led to the breach.

“We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement.

The federal personnel office said “personally identifiable information” had been breached, though didn’t name who might be responsible.

The Washington Post and Wall Street Journal first reported Thursday that Chinese hackers were responsible for the breach.

Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wisconsin, called the breach “disturbing” and said the Office of Personnel Management needs to do a better job securing its information.

“It is disturbing to learn that hackers could have sensitive personal information on a huge number of current and former federal employees — and, if media reports are correct, that information could be in the hands of China,” Johnson said in a statement. “(The office) says it ‘has undertaken an aggressive effort to update its cybersecurity posture.’ Plainly, it must do a better job, especially given the sensitive nature of the information it holds.”

California Rep. Adam Schiff, the top Democrat on the House Intelligence Committee, said hackers are one of the “greatest challenges we face on a daily bases.”

“It’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue,” Schiff said in a statement. “That’s why the House moved forward on cybersecurity legislation earlier this year, and it’s my hope that this latest incident will spur the Senate to action.”

Russia is believed to have been responsible for a separate data breach earlier this week that made 100,000 Americans’ tax returns vulnerable to criminals, when the Internal Revenue Service was attacked.